Privacy Research

I Read the Privacy Policies of 7 AI Meeting Recorders. Most Store Your Audio Forever.

March 2026 · 8 min read

I got tired of reading marketing pages that say "we take your privacy seriously." So I read the actual privacy policies and terms of service for every major AI meeting recorder.

The results are bad.

Why this matters

Your meetings contain things you would never post publicly. Client strategy. Legal exposure. Personnel decisions. M&A discussions.

When you use an AI meeting recorder, that content goes somewhere to get transcribed. The question is: where does it go, how long does it stay, and who can access it?

Most tools bury the answer in a 4,000-word privacy policy. I read them so you don't have to.

How I scored them

Five dimensions, each scored 0 to 100:

  1. Audio handling. Is audio uploaded to the cloud? Retained after transcription?
  2. Cloud exposure. Where do transcripts live? Who has access?
  3. Data retention. How long does your content stay on their servers?
  4. Third-party sharing. Does your content hit OpenAI, Google, or other APIs you didn't choose?
  5. Subpoena risk. If this data exists on someone else's server, it is legally compellable.

Final grade: weighted average, A through F.

The results

F Otter.ai

Otter uploads audio to their servers for cloud transcription. As of our March 2026 review, their privacy policy states recordings are stored until you manually delete them, with account data held 30 days after deletion. No local processing option exists. If opposing counsel subpoenas Otter, your meeting recordings are potentially discoverable. Verify current policy at otter.ai.

F Fireflies.ai

Fireflies drops a bot into your call. The bot records full audio and video, uploads everything to their cloud. As of our March 2026 review, recordings are visible to workspace admins by default. The bot also appears as a named participant, which creates consent issues in regulated industries. Other attendees can see a third party is recording.

F tl;dv

Same bot model as Fireflies. It joins your call, records video and audio, uploads to their cloud. Content is stored on their servers and subject to the same legal exposure.

D Fathom

Recording and transcription happen via their cloud infrastructure. Fathom focuses on summaries rather than full recording storage, which is a step up from the F tier. But content still processes through their systems.

D Granola

Granola captures audio locally on your machine. That is a real improvement over every tool above. As of our March 2026 review, transcripts are sent to cloud AI APIs for summarization, meaning your meeting content still reaches third-party AI infrastructure. Granola's policy also states they may use de-identified data to train their own AI models, with an opt-out available in account settings. For lawyers or executives discussing anything sensitive, both the cloud summarization and the default use of de-identified data for model training (opt-out available in account settings) are worth reviewing. Verify Granola's current architecture and settings at granola.ai.

C Zoom AI Companion

Zoom processes content within their existing infrastructure with enterprise-grade controls over retention. Not private in any rigorous sense. But the documentation exists, the compliance team is real, and the policies are at least written to be read.

C Microsoft Copilot (Teams)

Similar to Zoom. Enterprise controls, documented policies, a company with real legal accountability. Not private, but more accountable than a seed-stage startup storing your audio on AWS with a two-person team.

Disclosure: MeetingVault

I am building a meeting transcription app called MeetingVault, so I have an obvious conflict of interest here. I started building it precisely because this research made me uncomfortable with the alternatives.

The architecture we chose:

  • Transcription runs locally on your Mac using Whisper. The model runs entirely on-device.
  • Audio is transcribed locally, then deleted. It never leaves your machine.
  • Transcripts stay on your local filesystem. No cloud sync.
  • No network calls during recording or transcription. You can verify this yourself with Little Snitch or Wireshark.

The tradeoffs are real. You need a Mac from 2020 or newer. Transcription is slower than a cloud API. There is no mobile app yet.

I am not going to grade my own product in this comparison. You can read how it works and decide. But the point of this post is the research, not the pitch.

What to do with this

For routine meetings: Any of these tools work fine. Your weekly standup is not sensitive.

For legal, medical, financial, or confidential conversations: Think harder. The F-tier tools store full audio indefinitely. "We take your privacy seriously" in a marketing email is not a data handling policy.

For enterprise: Zoom and Teams have compliance teams, audit logs, and data processing agreements. The indie tools often do not.

For consultants and anyone under NDAs: If your client's confidential strategy session is sitting on a startup's S3 bucket, you have a problem. Local processing is the only architecture that eliminates third-party data risk entirely.

I am happy to be corrected on any policy details. These companies update their terms regularly, and I want this to be accurate.

Joe Bond is building MeetingVault, a Mac app for local meeting transcription. No cloud, no bots. The waitlist is at getmeetingvault.com.

MeetingVault transcribes locally. Audio never leaves your Mac.

No cloud. No server. No admin with access to your recordings. Transcription runs on your Mac using on-device AI. The audio is discarded after processing, and the transcript stays on your machine.

Join the waitlist
← All posts

Competitor policy claims in this post are based on our review of publicly available privacy policies and terms of service, last reviewed March 22, 2026. Policies may have changed since then. Always verify directly with the vendor before making purchasing or compliance decisions.